SANS Security Awareness & Culture Summit 2026

Wed, Aug 19 - Fri, Aug 28, 2026
4 Courses
12 CPEs (Summit Only)
English

Caesars Palace & Virtual (PT)

3570 Las Vegas Blvd South, Las Vegas, NV 89109

Jump to:

Event Highlights
Courses
Speakers
Schedule
Location

Summit: Aug 27-28 | Training: Aug 19-26 | Summit Co-Chairs: Lance Spitzner & Hannah Hardee | In-Person and Live Online Summit CPE Credits: 12

Advancing Security Culture

Slide 1 of 2
Slide 2 of 2

Join us for the 13th annual SANS Security Awareness & Culture Summit. Learn, connect, and share with thousands of fellow security awareness, behavior, and culture professionals from around the world. Whether you choose to attend in-person for an all-access experience, or Live Online for access to select talks, this event is designed to equip you with the tools and knowledge needed to drive meaningful security culture change.

"A phenomenal quality of information from industry professionals. I feel so empowered to enact change in my organization." - Kat Bergeron

What Attendees Say

Slide 1 of 3
As always, I have so many immediately actionable and down-the-road takeaways from this Summit that the value has already far exceeded the cost. This Summit will now be a permanent part of our OPA budget.
Geoff Parker
Slide 2 of 3
This is by far my favorite conference every year!
Maureen PremoCISA
Slide 3 of 3
I really enjoyed the different approaches to Security Awareness — from the tactical to the strategic, and from the basics to some really groundbreaking ideas and innovations.
John Woodling

Summit Highlights

In-Depth Talks and Sessions

Top practitioners share research, tech, and case studies on shifting not just behavior, but attitudes and beliefs about cybersecurity. Explore proven advances in how to engage, communicate with, and secure your workforce.

SANS Security Awareness & Culture Summit 2026: Woman Presenting on a Stage

Workshops

For those attending in-person, engage in interactive, hands-on workshops, providing you with practical takeaways you can immediately implement.

People Watching a Presentation in A Summit Room

One-of-a-Kind Networking

This Summit is all about building community. Connect with industry experts, and your peers over round-table discussions, breaks, meals, evening receptions.

Summit@Night

The days will be filled with the latest in advancing security culture, but the fun goes up a notch at night for those joining us in Las Vegas. Enjoy food, drinks, and fun as you make new connections with fellow attendees.

World-Class SANS Security Awareness Courses

Enhance your knowledge base and add to your toolkit by bundling your Summit experience with a hands-on, immersive course taught by top SANS instructors and course authors before the Summit.

Early Bird Offer

Save $500 USD using the code "EarlyBirdNA" and pay for any 4-6 day course (excluding Beta Courses and 300 Level Courses) by July 4, 2026.

Register

Summit and Course Registration

from $3,000 USD

In personIncludes

Course: Live Instructor Training with Hands-on Exercises
Summit: Talks, Presentations and Workshops
Summit: Unmatched Networking
Summit: Evening Reception
Summit: Access to Exhibit Hall
Summit: Light Breakfast, Lunch, and Breaks with Snacks and Beverages

Select course to Enroll

Live onlineIncludes

Course: Virtual Live Instructor Training with Hands-on Exercises
Summit: Access to Select Talks
Summit: Interactive Chat on Slack
First Access to Approved Recordings and Decks

Select course to Enroll

Summit Registration Only

from Free

$525 USD*Prices exclude applicable local taxes

In personIncludes

Talks, Presentations and Workshops
Unmatched Networking
Evening Reception
Access to Summit Exhibit Hall
Light Breakfast, Lunch, and Breaks with Snacks and Beverages
First Access to Approved Recordings and Decks

Attend In PersonLogin to register

Free

Live onlineIncludes

Access to Select Talks
Interactive Chat on Slack
First Access to Approved Recordings and Decks

Important Dates

Refund Deadline:: August 7, 2026
Hotel Group Discount Deadline:: July 23, 2026

Courses

Looking for Group Purchasing? Contact Us

Showing 4 of 4

Filter by:

SEC301: Introduction to Cyber Security

SEC301Cyber Defense

SEC673: Advanced Information Security Automation with Python

GIAC Information Security Fundamentals
5 Days
30 CPEs
Sean Thomas

Starts 19 Aug 2026 at 8:30 AM PT
$3,000 USD (Course)
$499 USD (Certification)
*Prices exclude applicable local taxes

View course details

LDR512: Security Leadership Essentials for Managers

LDR512Cybersecurity Leadership

GIAC Security Leadership
5 Days
30 CPEs
My-Ngoc Nguyen

Starts 19 Aug 2026 at 8:30 AM PT
$8,260 USD (Course)
$999 USD (Certification)
*Prices exclude applicable local taxes

View course details

LDR514: Security Strategic Planning, Policy, and Leadership

LDR514Cybersecurity Leadership

GIAC Strategic Planning, Policy, and Leadership
5 Days
30 CPEs
Kim Jones

Starts 19 Aug 2026 at 8:30 AM PT
$8,260 USD (Course)
$999 USD (Certification)
*Prices exclude applicable local taxes

View course details

LDR433: Managing Human Risk

LDR433Cybersecurity Leadership

SANS Security Awareness Professional
3 Days
18 CPEs
Lance Spitzner

Starts 24 Aug 2026 at 8:30 AM PT
$5,250 USD (Course)
$719 USD (Certification)
*Prices exclude applicable local taxes

View course details

Advisory Board

Lance Spitzner

Director, Workforce Cybersecurity Training at SANS Institute

Lance revolutionized cyber defense by founding the Honeynet Project. At SANS, he has empowered over 350 organizations worldwide to build resilient security cultures, transforming human risk management into a cornerstone of modern cybersecurity.

Learn more

Hannah Hardee

Technology Analyst at Southwest Airlines

Hannah Hardee is a Technology Analyst at Southwest Airlines that works to strengthen the organization against digital threats while cultivating her team into industry thought leaders.

Learn more

Anna Pieczątkowska

Cybersecurity Culture and AI Adoption Advisor at Cyber Aperitivo

Anna Pieczątkowska is a recognized human risk management expert with 15+ years of training experience and 8 years creating innovative cybersecurity strategies.

Learn more

Candice Smart

CISO at Cooperative Business Services, LLC

Candice Smart is a seasoned cybersecurity executive with over a decade of experience driving strategic transformation and operational excellence in the financial services sector.

Learn more

Holly Knowles

Culture, Training and Awareness Lead at Pacific Life

At Pacific Life, Holly's role encompasses risk culture management, employee and contractor training, simulated phishing messages, the creation of branded internal training videos and awareness materials, and the facilitation of quarterly BeSAFE awareness events

Learn more

Cheryl Wong

Cyber Culture & Engagement Lead at EBOS Group

Cheryl is a cybersecurity leader specializing in security culture and behavior change, with a strong focus on embedding practical, people centered security practices across organizations.

Learn more

Schedule

Summit Dates

Wednesday, August 27th - Friday, August 28th

Training Dates

Monday, August 24th - Wednesday, August 26th

Showing 1 of 42

Filter by:

Select day:

SANS@Night: Your Workforce is Using AI. Now What?

AI is already in your workplace. From generative tools that create content in seconds to emerging agentic systems that can plan and take action, your workforce is experimenting, often without fully understanding the risks or responsibilities.

06:00PM - 07:00PM PDT

In-Person

Presented by

Lance Spitzner

Director, Workforce Cybersecurity Training at SANS Institute

Breakfast & Credential Pick Up

07:30AM - 09:00AM PDT

In-Person

Opening Remarks

09:00AM - 09:20AM PDT

In-Person & Virtual

Presented by

Lance Spitzner

Director, Workforce Cybersecurity Training at SANS Institute

Hannah Hardee

Technology Analyst at Southwest Airlines

Table Top Introductions: Get to Know Your Neighbor

09:20AM - 09:40AM PDT

In-Person & Virtual

Keynote Announced! Shawnee Delaney, CEO, Vaillance Group

09:40AM - 10:20AM PDT

In-Person & Virtual

Break

10:20AM - 10:40AM PDT

In-Person & Virtual

Awareness Isn’t the Problem: Why Environment Design Drives Human Cyber Risk

Speaker: Elodie Bridoux

Why do human driven cyber incidents keep repeating, despite years of awareness and training? Because most security decisions are not made in classrooms. They are made under pressure, in poorly designed processes, with tools and workflows that quietly reward insecure behavior.

10:40AM - 11:05AM PDT

In-Person & Virtual

Simulated, Not Communicated: How Broken Feedback Loops Undermine Security Awarenes

Speaker: Pallavi Parab

Across many organizations, a pattern repeats itself. Phishing simulation runs. Results go to senior leadership. Employees who were tested hear nothing. No one knows if the organization passed or failed. A few months later, nothing has changed.

Live Online

10:40AM - 11:05AM PDT

Virtual

How Security Culture Professionals Stay Relevant in the Age of AI

Artificial intelligence (AI) is already reshaping Security Culture and Awareness work. From drafting communication to generating phishing simulation ideas and creating short videos in a couple of minutes. For many practitioners, that creates both opportunity and anxiety: if AI can do the work faster and cheaper, how will this change our role?

11:10AM - 11:35AM PDT

In-Person & Virtual

Presented by

Cheryl Wong

Cyber Culture & Engagement Lead at EBOS Group

Daisy Wong

Head of Security Awareness at Mediabank

Security Culture by Design: Using Behavioral Analytics to Reduce Human Risk in High-Exposure Teams.

Speaker: Pratik Singh

Security culture does not improve through annual training, awareness posters, or phishing failure shaming. It improves when it is intentionally designed, measured, and continuously optimized using behavioral intelligence.

Live Online

11:10AM - 11:35AM PDT

Virtual

Your Security Awareness Program is a Talent Strategy: Managing Workforce Risk Beyond Training

Speaker: Deidre Diamond

Security awareness programs often focus on training content and phishing simulations — yet one of the largest drivers of human cyber risk is workforce instability, skills gaps, and retention challenges.

Live Online

11:40AM - 12:05PM PDT

Virtual

Lightning Talks

Sara Mikail | From CISO Says No to Partner in Yes

Tim Ward | Overview of Behavior Models

Gabi Beasca | What a Spicy Campaign Can Teach Us About Executive Buy-In

Elsie Brown | What AI Becomes the Crisis: What 100+ Simulations Reveal About Human Behavior Under Pressure

11:40AM - 12:30PM PDT

In-Person & Virtual

Presented by

Tim Ward

CEO & Co-founder, at Think Cyber Security Ltd

Gabi Beasca

IT Risk and Compliance Lead at Glidewell

What Would You Do? Using SJTs to Reveal Security Culture and Guide Interventions

Speakers: Samantha Phillips & Corey Bolger

Most organizations measure security culture through surveys, phishing simulations, and training metrics. While useful, these approaches often miss something critical: why employees make the decisions they do. Without understanding the underlying type of security culture in an organization, interventions can feel generic, misaligned, or ineffective.

Live Online

12:10PM - 12:35PM PDT

Virtual

Lunch

12:30PM - 01:30PM PDT

In-Person & Virtual

You Can’t Spot What Looks Real: Rethinking Security Awareness in the Age of AI, Deepfakes, and Autonomous Attackers

We’ve made real progress in security awareness, helping people recognise and respond to threats more effectively than ever before. But what happens when the threats no longer look like threats at all?

01:30PM - 01:55PM PDT

In-Person & Virtual

Presented by

Dr. Jessica Barker

Co-CEO at Cygenta

WORKSHOP | Vibe Coding for Security Awareness: Build an Interactive Training Experience with AI (No Programming Required)

Security awareness teams are expected to create engaging, interactive training, but many lack the time, budget or development resources to build anything beyond static content. This hands-on workshop introduces vibe coding: a practical approach to using generative AI as a creative and technical partner to co-build interactive training experiences; without traditional coding skills.

01:30PM - 02:50PM PDT

In-Person

Presented by

Rebecca Arnett

Senior GRC Analyst at Blue Cross and Blue Shield of Louisana

Treat People Like Adults: How Trusting Employees Transformed Security Training at Postman

Speaker: Ashley Savageau

At Postman, we recognized that traditional security awareness training was failing. It didn’t make the company safer but it did make our employees cranky.

02:00PM - 02:25PM PDT

In-Person & Virtual

Findings of SANS Annual Report

02:25PM - 02:50PM PDT

In-Person & Virtual

Presented by

Lance Spitzner

Director, Workforce Cybersecurity Training at SANS Institute

Break

02:50PM - 03:10PM PDT

In-Person & Virtual

Security's Identity Problem: Why We Fail Our Internal Customers

I spent six months redesigning a security team's materials. New structure, clearer guidance, knowledge organised around the questions people ask. It looked great. Within six months, the team reverted to blocking behaviours. We'd rearranged the furniture without changing how security saw itself.

03:10PM - 03:35PM PDT

In-Person & Virtual

Presented by

Lee Richardson

Cybersecurity Consultant at FSP Consulting

WORKSHOP | From Posters to Partners: A Security Awareness Officer's Hands-On Playbook for Integrating with SOC, GRC, and Security Architecture

Let's name the thing nobody says out loud: most security awareness officers are the only person on the security team who's never invited into operational conversations. The SOC doesn't ask for your input. GRC doesn't include you in risk assessments. Security Architecture doesn't consult you on control design. You make posters. You send phishing simulations. You wonder if anyone takes you seriously. This workshop exists to change that - permanently!

03:10PM - 04:35PM PDT

In-Person

Presented by

Flavius Plesu

Founder at OutThink

Damon DePaolo

Cybersecurity Awareness and Training Lead at CVS Health

The Behavioral Patch: Turning Incident Response Post-Mortems into Insider Risk Mitigation

For a long time, Security Awareness and Incident Response teams operated as separate silos. CSIRT handles technical breaches, while Awareness teams lead compliance and education initiatives. However, there is little structured exchange between these functions. This disconnect creates a critical intelligence gap:

03:40PM - 04:05PM PDT

In-Person & Virtual

Presented by

Grazielle Alessa

Sr. Cybersecurity Lead at Mercado Bitcoin

From Awareness to Intelligence: Brewing a Data Driven Human Risk Capability

Speakers: Malgorzata Grabiec & Agata Labecka

Building a secure culture at scale it is quite a challenge, especially if you are responsible for driving awareness program in big, global companies - where local lenses make all the difference. We also have been there, trying our best to deliver meaningful awareness initiatives, utilizing mostly feedback about the local human risks.

04:10PM - 04:35PM PDT

In-Person & Virtual

Day 1 Wrap Up

04:35PM - 04:45PM PDT

In-Person & Virtual

Presented by

Lance Spitzner

Director, Workforce Cybersecurity Training at SANS Institute

Hannah Hardee

Technology Analyst at Southwest Airlines

Human Map

04:45PM - 05:15PM PDT

In-Person

Summit Social

06:00PM - 08:00PM PDT

In-Person

Breakfast

08:00AM - 09:00AM PDT

In-Person

Opening Remarks

09:00AM - 09:10AM PDT

In-Person & Virtual

Presented by

Lance Spitzner

Director, Workforce Cybersecurity Training at SANS Institute

Hannah Hardee

Technology Analyst at Southwest Airlines

Table Top Introductions: Get to Know Your Neighbor

09:10AM - 09:30AM PDT

In-Person & Virtual

Opening Panel Discussion

Speakers to be announced.

09:30AM - 10:10AM PDT

In-Person & Virtual

Break

10:10AM - 10:30AM PDT

In-Person & Virtual

The Missing Security Program: A Framework for Customer Security Evangelism

Speaker: Mark Sayewich

Every SaaS platform invests heavily in securing its own infrastructure. Almost none invest in building the security capabilities of the people using it. That gap is where incidents live, and where this session starts.

10:30AM - 10:55AM PDT

In-Person & Virtual

WORKSHOP | Interactive Discussion

10:30AM - 12:25PM PDT

In-Person

Presented by

Hannah Hardee

Technology Analyst at Southwest Airlines

Pooja Srivastava

Human Centric Security Lead at Genpact

The Impact of Mental Health on Cybersecurity Behavior

11:00AM - 11:25AM PDT

In-Person & Virtual

Presented by

Dr. Bob Hausmann

Learning Architecture Manager at Proofpoint

Beyond the Screen: Engaging the "Unconnected" Workforce in the Age of AI

Speaker: Gustavo Giovanetti

The most significant security gap in modern organizations isn't in the cloud; it’s on the front lines. While cybersecurity evolves at the speed of AI, a vast portion of the global workforce operates in physical, high-pressure environments with varying levels of digital maturity. These employees are often neglected by traditional, screen-based awareness programs, leaving them—and their companies—vulnerable.

11:30AM - 11:55AM PDT

In-Person & Virtual

Improving Mandatory Security Awareness Training Through Role Relevance and Gamification: Lessons from the Field

Speaker: Nadine Rose-Smith, Nestle

Mandatory security awareness training is widely deployed, yet frequently criticised for low engagement and limited impact on real-world behaviour. This

case study shares how one global organisation redesigned its mandatory programme to address a specific challenge the awareness community continues

to struggle with:

12:00PM - 12:25PM PDT

In-Person & Virtual

Lunch

12:25PM - 01:30PM PDT

In-Person & Virtual

Stop Training People and Design Safer Moments: 7 Micro-Interventions That Reduce Data Mistakes

Security awareness teams are being asked to reduce risky behavior—while employees move faster, collaborate more, and increasingly use AI tools. The result is a familiar pattern: training completion looks great, but everyday data mistakes persist (mis-sends, over-sharing, wrong permissions, and “AI copy/paste” of sensitive content).

01:30PM - 01:55PM PDT

In-Person & Virtual

Presented by

Pooyan Hamidi

Digital Trust and Privacy Lead at Deloitte

WORKSHOP | Effort‑to‑Impact Champions (E2I‑C) Workshop: Build a Turnover‑Proof, Outcome‑Based Security Champions Program in Five Steps

Speaker: Angela Rivas

Organizational changes shouldn’t derail your Security Champions program. In this hands‑on workshop, you’ll build a practical, outcome‑based operating model that survives leadership turnover. Using the E2I‑C method (baseline → map → instrument → pilot → roll out), you’ll map activities to outcomes with the Connect / Find / Fix / Prevent (C/F/F/P) framework, define manager‑friendly metrics (visibility, consistency, AI readiness, behavior), and assemble a leadership dashboard leaders can evaluate and iterate.

01:30PM - 02:55PM PDT

In-Person

Talk to be Announced

02:00PM - 02:25PM PDT

In-Person & Virtual

Solo Campaign: Building Security Culture When You're the Whole Department

You ARE the IT department. You are also the security team, the awareness program, and the culture change initiative. You have no budget, no dedicated staff, and a workforce that clicks through compliance training and forgets everything by Friday.

02:30PM - 02:55PM PDT

In-Person & Virtual

Presented by

Liz Gore

Director of IT and Operations at Educators for Quality Alternatives

Day 2 Wrap Up

03:00PM - 03:20PM PDT

In-Person & Virtual

Presented by

Lance Spitzner

Director, Workforce Cybersecurity Training at SANS Institute

Hannah Hardee

Technology Analyst at Southwest Airlines

Caesars Palace

Hotel Special Rates and Reservations

A special discounted rate of $209.00 S/D plus applicable taxes will be honored based on space availability. There is a daily discounted resort fee of $49.95 per room, per night, plus applicable state and local tax. Resort fee includes unlimited local phone calls (no long distance or international calls,) two guest admissions per day to the Fitness Center (does not include use of the spa,) in-room internet access to include two devices per room per day (property-wide roaming may be available for an additional fee.)

A limited number of Government Per Diem rooms at the prevailing rate are available with proper ID. Government rooms have a daily discounted resort fee of $10.00 per room, per night to include the benefits listed above. The full price resort fee will appear on the booking link, but the discounted rate will be applied at check-in.

These rates are only available through Thursday, July 23, 2026.

Book A Reservation

3 Reasons To Stay At The Event Venue

Ultimate Convenience
Eliminate the hassle of daily commutes and wasted travel time. You’ll have everything you need—from your training to dining and amenities - all in one centralized, convenient location.
Seamless Networking Opportunities
Stay where the action is! Maximize your chances to connect with fellow cybersecurity professionals and industry leaders - from impromptu conversations in the lobby to exclusive after-hours events.
All Day, All Event Access
SANS live training events include bonus sessions exclusively at the venue. Staying on-site ensures you won’t miss these opportunities to grow your network and engage with peers beyond the conference agenda.

SEC595: Applied Data Science and AI/Machine Learning for Cybersecurity Professionals

SANS Security Awareness & Culture Summit 2026

Share

Advancing Security Culture

What Attendees Say

Summit Highlights

In-Depth Talks and Sessions

Workshops

One-of-a-Kind Networking

Summit@Night

World-Class SANS Security Awareness Courses

Register

Summit and Course Registration

Summit Registration Only

Courses

SSAP Certification

Extra 4 Months of Course Access

SEC301: Introduction to Cyber Security

Quick view

LDR512: Security Leadership Essentials for Managers

Quick view

LDR514: Security Strategic Planning, Policy, and Leadership

Quick view

LDR433: Managing Human Risk

Quick view

Advisory Board

Lance Spitzner

Hannah Hardee

Anna Pieczątkowska

Candice Smart

Holly Knowles

Cheryl Wong

Schedule

Summit Dates

Training Dates

SANS@Night: Your Workforce is Using AI. Now What?

Breakfast & Credential Pick Up

Opening Remarks

Table Top Introductions: Get to Know Your Neighbor

Keynote Announced! Shawnee Delaney, CEO, Vaillance Group

Break

Awareness Isn’t the Problem: Why Environment Design Drives Human Cyber Risk

Simulated, Not Communicated: How Broken Feedback Loops Undermine Security Awarenes

How Security Culture Professionals Stay Relevant in the Age of AI

Security Culture by Design: Using Behavioral Analytics to Reduce Human Risk in High-Exposure Teams.

Your Security Awareness Program is a Talent Strategy: Managing Workforce Risk Beyond Training

Lightning Talks

What Would You Do? Using SJTs to Reveal Security Culture and Guide Interventions

Lunch

You Can’t Spot What Looks Real: Rethinking Security Awareness in the Age of AI, Deepfakes, and Autonomous Attackers

WORKSHOP | Vibe Coding for Security Awareness: Build an Interactive Training Experience with AI (No Programming Required)

Treat People Like Adults: How Trusting Employees Transformed Security Training at Postman

Findings of SANS Annual Report

Break

Security's Identity Problem: Why We Fail Our Internal Customers

WORKSHOP | From Posters to Partners: A Security Awareness Officer's Hands-On Playbook for Integrating with SOC, GRC, and Security Architecture

The Behavioral Patch: Turning Incident Response Post-Mortems into Insider Risk Mitigation

From Awareness to Intelligence: Brewing a Data Driven Human Risk Capability

Day 1 Wrap Up

Human Map

Summit Social

Breakfast

Opening Remarks

Table Top Introductions: Get to Know Your Neighbor

Opening Panel Discussion

Break

The Missing Security Program: A Framework for Customer Security Evangelism

WORKSHOP | Interactive Discussion

The Impact of Mental Health on Cybersecurity Behavior

Beyond the Screen: Engaging the "Unconnected" Workforce in the Age of AI

Improving Mandatory Security Awareness Training Through Role Relevance and Gamification: Lessons from the Field

Lunch

Stop Training People and Design Safer Moments: 7 Micro-Interventions That Reduce Data Mistakes

WORKSHOP | Effort‑to‑Impact Champions (E2I‑C) Workshop: Build a Turnover‑Proof, Outcome‑Based Security Champions Program in Five Steps

Talk to be Announced

Solo Campaign: Building Security Culture When You're the Whole Department

Day 2 Wrap Up

Caesars Palace

3 Reasons To Stay At The Event Venue

Ultimate Convenience